First published: Mon Apr 17 2023(Updated: )
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle GraalVM | =20.3.9 | |
Oracle GraalVM | =21.3.5 | |
Oracle GraalVM | =22.3.1 | |
Oracle JDK | =1.8.0-update361 | |
Oracle JDK | =11.0.18 | |
Oracle JDK | =17.0.6 | |
Oracle JRE | =1.8.0-update361 | |
Oracle JRE | =11.0.18 | |
Oracle JRE | =17.0.6 | |
debian/openjdk-11 | <=11.0.16+8-1~deb10u1 | 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.10~6ea-1 | |
debian/openjdk-20 | 20.0.2+9-1 | |
debian/openjdk-8 | 8u392-ga-1 | |
NetApp 7-Mode Transition Tool | ||
Netapp Brocade San Navigator | ||
Netapp Cloud Insights Acquisition Unit | ||
Netapp Cloud Insights Storage Workload Security Agent | ||
NetApp OnCommand Insight | ||
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
Oracle OpenJDK | <8 | |
Oracle OpenJDK | >=11<=11.0.18 | |
Oracle OpenJDK | >=17<=17.0.6 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-milestone1 | |
Oracle OpenJDK | =8-milestone2 | |
Oracle OpenJDK | =8-milestone3 | |
Oracle OpenJDK | =8-milestone4 | |
Oracle OpenJDK | =8-milestone5 | |
Oracle OpenJDK | =8-milestone6 | |
Oracle OpenJDK | =8-milestone7 | |
Oracle OpenJDK | =8-milestone8 | |
Oracle OpenJDK | =8-milestone9 | |
Oracle OpenJDK | =8-update101 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update11 | |
Oracle OpenJDK | =8-update111 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update121 | |
Oracle OpenJDK | =8-update131 | |
Oracle OpenJDK | =8-update141 | |
Oracle OpenJDK | =8-update151 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update161 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update171 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update181 | |
Oracle OpenJDK | =8-update191 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update201 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update211 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update221 | |
Oracle OpenJDK | =8-update222 | |
Oracle OpenJDK | =8-update231 | |
Oracle OpenJDK | =8-update232 | |
Oracle OpenJDK | =8-update241 | |
Oracle OpenJDK | =8-update242 | |
Oracle OpenJDK | =8-update25 | |
Oracle OpenJDK | =8-update252 | |
Oracle OpenJDK | =8-update262 | |
Oracle OpenJDK | =8-update271 | |
Oracle OpenJDK | =8-update281 | |
Oracle OpenJDK | =8-update282 | |
Oracle OpenJDK | =8-update291 | |
Oracle OpenJDK | =8-update301 | |
Oracle OpenJDK | =8-update302 | |
Oracle OpenJDK | =8-update31 | |
Oracle OpenJDK | =8-update312 | |
Oracle OpenJDK | =8-update322 | |
Oracle OpenJDK | =8-update332 | |
Oracle OpenJDK | =8-update342 | |
Oracle OpenJDK | =8-update352 | |
Oracle OpenJDK | =8-update362 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update45 | |
Oracle OpenJDK | =8-update5 | |
Oracle OpenJDK | =8-update51 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update65 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update71 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update73 | |
Oracle OpenJDK | =8-update74 | |
Oracle OpenJDK | =8-update77 | |
Oracle OpenJDK | =8-update91 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =20 | |
IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-21954 is a vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products.
The affected versions are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5, and 22.3.1.
CVE-2023-21954 has a severity value of 5.9, which is classified as medium severity.
To fix this vulnerability, update Oracle Java SE to versions 11.0.20, 17.0.7, and 20.0.2, or apply the provided patches from the referenced links.
You can find more information about CVE-2023-21954 at the provided GitHub links.